from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS
from rest_framework import status


class IsStaff(IsAuthenticated):
    def has_permission(self, request, view):
        # 处理 c list
        if request.method in SAFE_METHODS:
            return request.user.is_staff
        return True
        # return super().has_permission(request, view) and request.user.is_superuser

    def has_object_permission(self, request, view, obj):
        # 处理 r u d
        return True
